Symfony · Symfony · CVE-2018-14774
**Name of the Vulnerable Software and Affected Versions**
Symfony versions 2.7.0 through 2.7.48
Symfony versions 2.8.0 through 2.8.43
Symfony versions 3.3.0 through 3.3.17
Symfony versions 3.4.0 through 3.4.13
Symfony versions 4.0.0 through 4.0.13
Symfony versions 4.1.0 through 4.1.2
**Description**
An issue was discovered in Symfony's HttpKernel component. When HttpCache is used, the value of the `X-Forwarded-Host` header is implicitly treated as trusted, which should be forbidden; this can lead to host header injection.
**Recommendations**
For Symfony versions 2.7.0 through 2.7.48, update to a version outside of this range to resolve the issue.
For Symfony versions 2.8.0 through 2.8.43, update to a version outside of this range to resolve the issue.
For Symfony versions 3.3.0 through 3.3.17, update to a version outside of this range to resolve the issue.
For Symfony versions 3.4.0 through 3.4.13, update to a version outside of this range to resolve the issue.
For Symfony versions 4.0.0 through 4.0.13, update to a version outside of this range to resolve the issue.
For Symfony versions 4.1.0 through 4.1.2, update to a version outside of this range to resolve the issue.
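
To check a project against the ranges listed above, the following added example (not part of the original advisory or of the Symfony project) scans a `composer.lock` for affected HttpKernel installs. It assumes HttpKernel is installed through the `symfony/http-kernel` or `symfony/symfony` Composer package; the lock-file excerpt is constructed.

```python
import json

# Affected ranges exactly as listed in this advisory (inclusive bounds).
AFFECTED = [
    ((2, 7, 0), (2, 7, 48)),
    ((2, 8, 0), (2, 8, 43)),
    ((3, 3, 0), (3, 3, 17)),
    ((3, 4, 0), (3, 4, 13)),
    ((4, 0, 0), (4, 0, 13)),
    ((4, 1, 0), (4, 1, 2)),
]
# Assumption: HttpKernel ships in one of these two Composer packages.
PACKAGES = {"symfony/http-kernel", "symfony/symfony"}


def parse_version(text):
    """Turn 'v3.4.13' or '4.1.2' into (3, 4, 13); None for dev/branch versions."""
    core = text.lstrip("vV").split("-")[0].split("+")[0]
    parts = core.split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        return None
    return tuple(int(p) for p in parts[:3])


def is_affected(version_text):
    v = parse_version(version_text)
    return v is not None and any(lo <= v <= hi for lo, hi in AFFECTED)


def scan_lock(lock_json):
    """Return [(package, version)] for affected installs found in a composer.lock."""
    lock = json.loads(lock_json)
    hits = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name") in PACKAGES and is_affected(pkg.get("version", "")):
                hits.append((pkg["name"], pkg["version"]))
    return hits


# Constructed composer.lock excerpt for illustration.
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "symfony/http-kernel", "version": "v3.4.13"},
                 {"name": "symfony/http-foundation", "version": "v3.4.13"}],
    "packages-dev": [{"name": "symfony/symfony", "version": "v4.1.3"}],
})

if __name__ == "__main__":
    print(scan_lock(SAMPLE_LOCK))
```

A version that is not flagged is only outside the ranges listed in this advisory; branch or dev versions such as `dev-master` are skipped and need manual review.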